Ciphers are used when connecting to TDput with https. Customers with the most stringent security requirements should use the TDput defaults.
PUT allows TLS1.2 only by setting the allowed ciphers to TLSv1.2:HIGH:!aNULL:!NULL:@STRENGTH. If your security needs require that these ciphers be disallowed, you can create a cipher file providing TDput with a cipher list that is more restrictive. TDput uses this instead of the defaults.
-
To disallow ciphers like MD5 or RC4, create the /opt/teradata/TDput/data/AllowedCiphers file.
See the Open SSL Ciphers page for the list of cipher formats: https://www.openssl.org/docs/man1.0.2/apps/ciphers.htmlThe following are examples of valid strings. No quotes are needed:
HIGH:!MD5:@STRENGTH MEDIUM:HIGH:!MD5:!RC4:@STRENGTH
- Restart PUT services by typing the following: /etc/init.d/TDput restart.